Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » ElevateDB Technical Support » Support Forums » ElevateDB SQL » View Thread |
Messages 11 to 14 of 14 total |
feature request ... kind of |
Fri, Dec 11 2009 12:40 PM | Permanent Link |
"Lucian Radulescu" | > What I do is when a new user is created for the app I create a user
> in ElevateDB as well - same ID, the password is stored in ElevateDB > not in my users table. I understood you from the first time. IMO your approach is not secure: Your way you're giving access to the EDBServer to the users of a specific application (so some "smart" guy could get EDB Manager from some sites and screw up the database, using the name/password he knows from using the application) My way is users have no idea how to login to the server. They know how to login only in their specific application. They can get EDB Manager but have no idea how to login to the server. Probably you only deploy *one* application and you don't care about this issue ... but that doesn't make it safe. regards, Lucian |
Fri, Dec 11 2009 3:55 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Lucian,
<< If I have a SQL this in an application and among other things CREATE TABLE "mytemptable" AS SELECT * FROM somequeryetc than mytemptable is used to populate some other SELECT ... which than gets displayed in some grid AND, the application is run by many people at the same time, how does that work? >> Just to clarify, you would use: CREATE TEMPORARY TABLE not the normal CREATE TABLE As for other users - each temporary table is session-specific. -- Tim Young Elevate Software www.elevatesoft.com |
Sat, Dec 12 2009 4:29 AM | Permanent Link |
Roy Lambert NLH Associates Team Elevate | Lucian
>> What I do is when a new user is created for the app I create a user >> in ElevateDB as well - same ID, the password is stored in ElevateDB >> not in my users table. > >I understood you from the first time. IMO your approach is not secure: > >Your way you're giving access to the EDBServer to the users of a >specific application (so some "smart" guy could get EDB Manager from >some sites and screw up the database, using the name/password he knows >from using the application) Only if they manage to pick up a copy of EDBManager with a session set up that has the specific encryption password built in >My way is users have no idea how to login to the server. They know how >to login only in their specific application. They can get EDB Manager >but have no idea how to login to the server. Neither do mine. >Probably you only deploy *one* application and you don't care about >this issue ... but that doesn't make it safe. I do care about it, but I have used ElevateDB's encryption feature so not only is the encryption password needed to access the tables those tables that are sensitive are encrypted as well. Roy Lambert |
Sat, Dec 12 2009 10:55 AM | Permanent Link |
"Lucian Radulescu" | > Only if they manage ....
> > Manager but have no idea how to login to the server. > > Neither do mine. Well, they do, "if they manage...." regards, Lucian |
« Previous Page | Page 2 of 2 | |
Jump to Page: 1 2 |
This web page was last updated on Saturday, May 4, 2024 at 12:54 AM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |